Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

darthcamaro writes "Unlike every other major browser vendor, Mozilla today does not allow users to have their private mode browser window open at the same time as a regular browser window. That's now set to change. This is a flaw that has been in Bugzilla since 2008 and has been the subject of heated discussion for years."

That's one of the very few features that I'd always wanted Firefox to adopt from Chromium, and now it's actually happening - yay for Firefox 20. Can't be longer than a few weeks any more anyway; now can it?;p

There's scope for improvement over Chrome; with Chrome, if I open one incognito window, log in to something or other and then open a completely fresh incognito window, it'll still have the same cookies as the other one.... I'd like to have new windows be completely separate incognito sessions. So I hope Firefox does this right!!

I've got real tired of seeing people here bitch about FF's version number inflation causing them to move over to Chrome... ignoring the fact Chrome has an even higher version number after fewer years of existence compared to FF.

This basic math failure is quite egregious on an site supposedly for nerds.

First thing I do on Firefox is set it to dump all cookies/cache/history/etc/etc every time it closes. 100% on all the time private mode would be just fine, thanks. Unless you *like* big brother watching you.

That's because there are none. Seriously, start taking your schizophrenia meds, because no-one is out to get you. No-one cares what websites you visit. It will not affect your life in any meaningful way.

Because I don't care. Things can track me all they like. I seriously don't care whether they do or not. (Except every once in a blue moon, in which case, I toggle on private mode. Or just log out of google, because that's where most of the major tracking is going on...:p)

Or you want usability. Or do you tell me you never use bookmark, history, or anything in your web browsing. Always type every URL per hand?Cause thats more or less what it would boil down to be always in privacy mode

Let me guess, you thing you are a big shot because you have them on your google account...

Firefox has supported multiple simultaneous sessions since at least the 3.x days.

Use these command-line options:

-ProfileManager -new-instance

Then create as many different profiles as you want. They will all have their own history, bookmarks, add-ons, cookies, etc. The only place you have to worry about cross-profile pollution is with plugins like flash that keep state (like flash-cookies) in their own directory rather than under the firefox profile directory.

I have about 8 different profiles - one for gmail, one for my bank, one for slashdot, one for IMDB, etc and I keep a special "anonymous" profile that is basically a private-mode session, it wipes everything on exit, cookies, disk cache, history, etc. I even use the "User Agent Switcher" add-on so that each profile pretends to be a slightly different version of Firefox to make browser fingerprinting a little bit harder.

Security is never 100% - on both the attacking and the defending sides. It is always a trade-off between effort and results. I figure the majority of trackers will not go to those extremes to track people because not enough people even go so far as to diddle the user-agent string. It just isn''t worth their time to do it and do it reliably when pay-out is such a small fraction of the total.

Look at EFF's Panopticlick website to see the breadcrumbs you're leaving behind. And don't forget that if you're coming in from the same IP address, even with all of those different purported browser-agent strings, it's easy enough to collect those data together and make a profile for that IP address and for the various sites hit at the various times of day. If you've got certain niche websites which you visit, the combination of websites visited could also be seen as a fingerprint also.;>)https://panopticlick.eff.org/ [eff.org]

re you eventually end up trying to distinguish among 200 unique visitors behind one carrier-grade NAT.

But that's where the browser fingerprinting as described at https://panopticlick.eff.org/ [eff.org] comes in: even if you have javascript disabled, your browser sends along information about your:
-- media types accepted
-- cookies enabled
-- HTTP-accept headers
-- and of course, your user-agent.
Even behind noscript, my browsing leaks 17.96 bits of information, according to the EFF panopticlick survey for me. I

You don't seem to realize that all those bits of identifying information are a lot less useful when some of them are deliberately polluted.

So, carrier-grade NAT to mix traffic between multiple different users plus minor variations in fingerprinting information makes it exceptionally difficult to correlate different website accesses with a unique user. The problem has now gone from one that can be reasonably automated to one that is going to require human judgment, so the risk has gone from being caught up

Firefox has supported multiple simultaneous sessions since at least the 3.x days.

They don't work properly in Ubuntu. Do a "firefox -P myprofile" while you have another profile running and Firefox will open a new Window with profile that was already running, not the one you gave on the command line. It's pretty badly broken and nobody seems to care.

You need to do -a blargle to get it to avoid just sending a request to the running session. I'd say the behavior isn't ideal but this is at least a workaround that lets me have multiple profiles running for dev/test/browsing.

And doesn't seem to have any effect for me. If I remember correctly, -a used to be to select the running process instance in the past, but even back then it never worked for me either. The relevant bug report [launchpad.net] from 2006 about the profile mess.

I do this on ubuntu, and it seems to work:firefox -no-remote --ProfileManager

It's useful for me because I like to use non-standard color
settings, but there are sites that are unusable if you don't let
them set their own colors. (It'd be nice if there were a better
solution, but switching profiles as necessary is what I've been
living with.)

That's essentially the same as "-no-remote" and just gives a error message if an instance is already running:

"Firefox is already running, but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system."

If you are wondering why I am not simply opening a new window via the GUI if an instance is already running: Sometimes the last window left of the instance will be a download window and the download window doesn't give you an option to open a new window.

Yes, chrome is awful too. Browsers in general are pretty awful. Traditionally they have bent over backwards to enable plugins to do whatever they want, which is why this bug occured and more importantly why it has never been fixed and cannot be fixed. It's not a technical problem, it's a political problem, at this point a patch that fixed the original bug would never be accepted, it would cause too many problems with existing plugins.

The only browser I know of that at least partially avoids this bug is Oper

Hmm I could have sworn I have experienced it on both IE and Safari at some point, some sort of plugin blocking ctrl(cmd)+w at the very least. It seemed to me that all the browsers, not just firefox, were keen to 'enable' plugins. There was all that talk about the browser being the OS, you might recall - trying hard to encourage people to develop their programs with the browser as the target platform. I can understand programmers targetting that 'platform' wouldnt be happy about being told they wont even rec

Opera at the very least isnt susceptible to the same bug in the most common test case. I dont pretend to have tested it thoroughly. I just now tested IE and it passes the same. Chrome and Firefox failed. The fault is the affected browsers. They should be getting that keypress first, and not passing it through to the plugin.

I'm still waiting for the window drag handle to be the entire "glass" area at the top, and not just the top X% of it. Ever since Windows Vista/7, Microsoft has made it a defacto standard that any part of a window that is "glass" is a drag handle, and Chrome does this nicely. It is very annoying to not have a visual indicator of where the drag handle starts/stops, and more annoying to have that empty glass space become more or less "useless" if the browser isn't full of a million tabs.

There is a feature that I very much like in Firefox: if you have ordinary horizontal tab bar and you open a lot of tabs, it makes the tab strip scrollable, instead of squeezing the tabs smaller and smaller. With all other browsers you just end up with tiny tabs which text you can't read, which is horrible.

When browsing in private mode, if you then switch back to normal, when you close Firefox and as the tabs shut down, you usually get one of the supposedly private pages flash up briefly. Clearly not all buffers are cleared when exiting privacy mode.

I really like MicroSofts decision to make do-not-track default in IE10. The same should be set for other web sites and people should get a large popup for each site that requires them to allow tracking (yes, per site base exceptions).

Also, It should be easy to configure Tor or other proxies for do-not-track sessions, or even per domain/site that's being visited. Storing IP addresses will often make tracking still feasible and often rather simple. FaceBook keeps "ghost profiles" for people based solely on c

people should get a large popup for each site that requires them to allow tracking

You do not seem to understand what is "do-not-track". This is just a declaration of the user to "Do not track me". Nothing technically forces the site to not track you. In fact, most of the advertising agencies that say they implement it say that they will just not use the tracking data to show you personnalized ads. You will get only generic ads not based on your profile, but will still be profiled.Worse, if "Do-not-Tack" is enabled in Firefox, this adds an additional bit of valuable information [eff.org] to your tracking profile: the fact that you are privacy-aware.

So don't count on Do-not-Track only if you want that your privacy be respected. Use additional tools such as AdBlock Plus and Ghostery and allow cookies only siste by site with a whitelist.

I'm waiting for incognito mode not only not to leave track on the computer itself but also on the remote sites I visit. How is it incognito if I connect somewhere I've been before to and you send the cookies that were already saved for that site, for example?

Basically, if I make a request of a page from a server and decide it was a mistake, I want to invoke "undo" and have my browser history go back, wipe any cookies or history or cache trace, plus delete anything downloaded... AND THEN ALSO send an "undo" header to Apache to request wiping my visit from the logs.

Of course that would be open to abuse. So servers should only honor such "undo" requests if they happen within X seconds (say, 120) after the last non-ajax bit was sent to the browser, and as long as no further requests are made by the browser after the first one. For example, click a link on the page, interact with a form widget, or invoke a new ajax request... and you'd totally kill the ability to "undo".

Am I the only one finding it is easier to click somewhere you don't intend to of make other input mistakes when using one of these compared to a conventional 3 button mouse with a scroll wheel?

Nope. Can't do without a mouse. I guess a tablet (WACOM etc.) might be sweet too, but none of that other crap for me. It's just crap... I'm not even a gamer, but I have a somewhat gamer mouse; and that precision and speed is just something I would not want to miss. Flawless is a good word to describe it:)

Basically, if I make a request of a page from a server and decide it was a mistake, I want to invoke "undo" and have my browser history go back, wipe any cookies or history or cache trace, plus delete anything downloaded... AND THEN ALSO send an "undo" header to Apache to request wiping my visit from the logs.

Of course that would be open to abuse. So servers should only honor such "undo" requests if they happen within X seconds (say, 120) after the last non-ajax bit was sent to the browser, and as long as no further requests are made by the browser after the first one. For example, click a link on the page, interact with a form widget, or invoke a new ajax request... and you'd totally kill the ability to "undo".

Actually, as a web guy, I also care about logs that are free from false positives due to accidental clicks and redirects. A feature like this would help me verify that traffic to a page on the site is purposeful and desired by the end user.

Not a very bright web guy? Just look at how long they are on your page, less than X minutes and you just wipe their session again (or reverse it and just mark sessions that are actually busy enough to count as "interested").

(and don't wipe the data, amount of people who aren't interested in your site is probably as important as how many are)

I'm waiting for incognito mode not only not to leave track on the computer itself but also on the remote sites I visit. How is it incognito if I connect somewhere I've been before to and you send the cookies that were already saved for that site, for example?

According to the help page about Incognito mode [google.com],it explicitly states it deletes all cookies when you exit incognito mode. Use it for single purpose at a time, and close it out after the fact, there will be no cookies left for them to find.

Never log into any account while in incognito mode, unless you ONLY log in there while in incognito mode.

For a Chrome-addict like me, what I've been waiting for is the option to open an incognito tab within the same window as regular tabs. Apparently this lack of functionality is a feature intended to ease confusion among users. For me, I just find it irritating.

No, its to prevent leakage of data via the container. Each tab is supposedly running in a sandbox, but if they are in the same container window there is a risk there.

Well some of us do more with a computer than check up on the latest kardashian kraze and failbook. While we have browser preferences, we tend to choose the one that has the plugins we need, even if it is technically inferior software.

Just use month/years in your release numbers. Seriously. A version of Firefox released in december 2012 is firefox 12.12. Simple. Gives you a clear idea of its modernity. No confusion or consternation.

If anyone else needs simple solutions, I'll be over here sitting in the Idea Booth.

The issue is not so much that 64-bit is dropped or deemed unimportant; the issue is that Mozilla as a corporation has limited resources to devote to 64-bit Windows builds.

Basically, the main blockers are:

- Plugins. 64-bit plugins on Windows are still not 100% and there currently isn't a way of loading 32-bit plugins in a 64-bit Firefox. Yes, ideally Firefox would have this, but again - resources.- Testing. It'd add another column onto the test matrix which is a non-negligible cost overhead to the release en